EU cookie laws verified

A bit of a stray from the norm this week on this blog, we’re going to talk about some legislation that has just been ratified by the EU. Before I start I should point out that I am not a lawyer and so this is just my opinion on the situation. But if you are a regular reader of this blog you will have remembered that in November last year I wrote a post about the EU cookie law that was introduced. Recently, this has been ratified by a working party on the subject to clear up some interpretations.

A potted history of the subject:

In Late 2007, Facebook caused controversy when they used their Beacon advertising to produce detailed targeted adverts based on the information that you had entered in Facebook. The real concern was that your data was being passed to Facebook on their partner sites when you were logged out and reconciled with data from when you were logged on.

In March 2008, Phorm, an advertising agency started to hear a lot of concern about their controversial use of behavioural targeting. Controversial was mainly because of the fact that nobody had ever really done it before with adverts. Whilst it was accepted that Amazon would monitor your web browsing pattern and combine it with what everyone else was doing to provide you with things that you might like to also buy (hence increasing their revenue), it was ok whilst they were just using their own sites data. Phorm on the other hand used data from not just the site you were browsing at the time, but also all other sites with Phorm adverts to find user behaviours to give you targeted adverts. The British Government green lighted this activity as the user had the ability to opt out of the advertising by blocking cookies in their browser.

Late 2009 the EU decided to create a new ruling on cookies. It stated that the user had to give express permission for the website to give the user except in exceptional circumstances “strictly necessary” for “essential services”. This was fairly woolly of course and the IAB, the outspoken voice of the online advertising industry, said that users were expressly giving permission for cookies, because they had the option in their browsers to do something about it.

This of course, didn’t go down well with the EU who have just verified the rules in the past week. They say that this is not true and the fact that of the major browsers, three of the four of them default to having third party cookies accepted. Users, they claim, don’t understand the risks and therefore are not changing these settings. The IAB, of course disagreed with this and were quite vociferous in their rebuttal. The heads of the publishing industry, agreed with the IAB as this is their major source of income (although maybe not for those that are going behind a paywall).

Generally speaking, the word that is being bandied around is ‘Shambles’. A more detailed piece on the subject from the last couple of days comes from Struan Robertson at the out-law.

Advertisers and publishers would rather not ask users if they want to be tracked for advertising purposes because users’ answers could damage their businesses. But it’s hard to avoid asking that question: the Working Party’s interpretation of the law is, in purely legal terms, the most compelling interpretation, however flawed and unhelpful the law itself may be.

So the compelling story is that so far this is a bad thing for advertisers and Publishers – it really affects their business models. They are going to have to ask users if they want to be tracked on their advertising and if they don’t, then they will lose out on a whole host of information. Click through rates of display advertising have plummeted and stand at about 0.1%. It is generally accepted for display adverts that the main purpose of them is for branding to encourage users to come back to the site at a later date. It is of course more or less impossible to track this if you can’t draw information from the advertising back to the sale of a product. This is of course done by linking a tag loaded on an advert with a tag on a sale complete page with the use of a cookie.

Now we have suddenly affected a group of Marketers who aren’t necessarily trying to do any behavioural targeting, but they are trying to monitor the effectiveness of their advertising. If they can’t do this, they’ll move to a more favoured method that means they can monitor this. More of that in a minute, but if the death of the newspapers was started by the web, the death of online news could be started very easily in this new ruling.

Web Analytics

It would be remiss of me if I didn’t talk about Web Analytics. Most Web Analytics make use of cookies these days. In case you hadn’t noticed there are lots of blogs talking about how to do web analytics and make use of the data collected. Virtually every website in the world has a web analytics tool associated with it. Does this mean that every time you look at a new website for the first time you are going to be prompted to opt in or opt out of using the cookies associated with that website. The ruling seems to be suggesting it that way. This will have a serious impact on your analysis – opt in always means that you are going to be working on a smaller sample that you would otherwise.

What about networks like YouTube? Every time I embed a YouTube video on my site, Google is going to drop some cookies on my computer so that it will know that this video has been viewed and by who. This sounds like not only are you going to have to expressly ask permission every time you look at a website, but potentially at every single bit of embedded content.

Finally there is an opposite end to the advertising – if I pay money for Google to put me on their sponsored search results, I want to be able to tell if causes more people to buy my product. If it doesn’t, then I’m not going to spend that money. How does this work? Well it links up the information that is passed in the tag of the landing page that says that you have come from a paid keyword, with the information passed in the tag of the thank you page. How does it do this? Yep – they have the same cookie ID.

And in all the examples above we haven’t really done anything that the user would notice, that would infringe on their personal data rights, but what we have done is optimised our business and increased revenue.

This whole this strikes me as an odd way of working the system. It’s a bit like banning glasses because people are drinking too much alcohol. Not only are you having a big effect on things like Web Analytics which are mainly harmless ways of getting information on how to optimise your site, but the behavioural advertising guys are just going to come up with new ways of getting around this issue.

I’m hoping that the UK Government takes a stand and doesn’t ratify it. Unfortunately the only ones arguing against are the IAB and the Publishers, who are concerned about their revenue streams. Really we need one of the big analytics companies to make a stand – an Omniture, a Webtrends or a Google.

2 comments on “EU cookie laws verified”

For those interested, Conrad Bennett – senior director of technical services for web analytics specialists Webtrend – has penned an article in Marketing Week, so maybe Webtrends will pick up the fight.

I have to agree – also doe this apply to session variables? what’s the deal with that. Do we have a situation where you will have to ask for permission otherwise all our tracking and shopping carts go out of the window!?

Stupid way to approach the problem – would have been better to specify acceptable uses for cookies.